Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-666

Update jackson-databind version to 2.9.8 due to vulnerability issues in jackson (CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489)

    XMLWordPrintable

    Details

    • Type: Fix
    • Status: Released (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.12.8
    • Fix Version/s: 1.12.9, 2.0
    • Component/s: None
    • Labels:
      None
    • CVE-ID:
      CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489

      Description

      Current Situation

      • Currently JOC Cockpit uses 3rd party library jackson-databind version 2.9.7.
      • A number of vulnerabilities affect this version, see https://www.cvedetails.com/

      Desired Behavior

      • Due to vulnerability Issues of older jackson-databind releases the JOC Cockpit should use the current version 2.9.8 that fixes the issues.

        Attachments

          Activity

            People

            • Assignee:
              sp Santiago Aucejo Petzoldt
              Reporter:
              sp Santiago Aucejo Petzoldt
              Approver:
              Oliver Haufe
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: